Playing with Liferay II

While setting up my sandbox Liferay install, I ran into a few issues/questions that in my opinion, the docs were not too clear on.

How do you set up default content for new users?

The first one was how do you set up default page hierarchies for new users. Essentially, in my case I have set up Liferay to perform authentication against our Windows Active Directory domain. So I do not have to explicitly create new user accounts in Liferay. As and when users login for the first time to Liferay, their Liferay portal accounts get created (i.e. created in the Liferay Portal database). I was not too clear after skimming through the Liferay documentation and playing with the administration, on how to set up default page hierarchies deploying standard/custom Liferay portlets for new users.

The answer was two-part. The first part involved creating groups (that are very different from the concept of user groups that I am used to) that are essentially communities and similar to virtual portals in the WebSphere Portal sphere. For each group, you can go edit pages using the administration portlet, and create the requisite page hierarchies with the relevant portlets laid out on those pages. Fairly straight forward and this part is pretty clear from exploring the product! Then came the question of how do I associate new users that do not exist in the Liferay Portal with the group(s) (or default page hierachies) that I had created. I explored the admin portlet but did not see anything obvious. On the user management screen, I saw the ability to create new users explicitly and below that were various other options that looked related to new user creation. However, I finally clicked on the “Default Groups and Roles” link below the new user creation form and that was the answer to my question. Basically, you can define roles and groups that are automatically assigned to new users. This enables you to set up new users with access to default page hierarchies.

Easy enough when you figure it out! However, there seem to be several issues here –

qThe biggest issue is that Liferay is not aware of the external user repository. It is only aware of its internal user repository and users are only added there once users login to Liferay. So if my external user repository (LDAP – Active Directory being Microsoft’s implementation) has users and user groups set up, there is no default way to utilize the user groups in Liferay.

qAdditionally a page hierarchy can only be visible to a single Liferay group. So if I want one set of users (group A) to see a page hierarchy, and another set (group B) to see the same page hierarchy but with one additional page, I have to create two groups and create the identical portions of the page hierarchy twice. Of course, if it is acceptable for a user from group B to see 2 different communities – group A with the common pages and group B with the single additional page, then Liferay’s model. Otherwise, it looks like a lot of unwelcome administrative overhead.

Switching to a more robust database after a bundled install

For initial investigation, I had chosen to perform a bundled install of Liferay with JBoss and Tomcat – this was pretty cool as I was able to have it running in a jiffy! However, after a couple of days I wanted to switch Liferay to using MySQL – this was pretty straightforward and simply involved creating a MySQL database, populating it with Liferay tables/seed data using a SQL script, plopping in the MySQL drivers in the JBoss lib folder, and updating the liferay-ds.xml file used for data source configuration. Pretty simple unless you do what I did – I renamed the liferay-ds.xml to liferay-ds.xml.original and configured MySQL using a new liferay-ds.xml. Well that ends up causing issues as JBoss ends up initializing from liferay-ds.xml.original as well. So only have a single liferay-ds.xml configuration file in the JBoss deploy folder!

Public and private events in the calendar

Somehow I was not too clear that the Desktop community home page is a private page that is specific to each user and that the calendar portlet on that page is not shared. So any events that you create on the calendar portlet on the Desktop community can only be private events. And the corollary to this is that all events created on any other community are public events that are visible to all users that have access to that community.

IMHO, it would have been a better design to have the “Add Event” capability accommodate the user being able to designate the event as a private or shared event. And for a shared event, indicate the groups with access to that event. And from an access control perspective, it would be easy to ensure that the user creating the event can only make the event available on the communities that that user has access to.

Currently if I have an event that I want to be visible to multiple groups, I need to create that event once for each group! L It should be pretty easy to modify the “Add Event” to support what I am suggesting. Maybe I will do real work for a change and I actually code a variant of the “Add Event” that implements my suggestion.

Signing off

I typed this up on my flight from Austin to Colorado Springs and it is time to sign off. However, I have quite a lot more to say about authorization in Liferay – I believe that there are significant limitations in this area. But overall, Liferay is certainly worth a look and can work for many organizations in the SMB space.

Share this:

Like this:

LikeLoading...

Related

This entry was posted on February 6, 2006 at 8:21 am and is filed under Java, LiferayPortal.
You can follow any responses to this entry through the RSS 2.0 feed.
Both comments and pings are currently closed.

the user if password works via ldapbrowser but authentication does not work in liferay i have turned on authenticate by userid and not email ,
if i disable the top line it logs in ok using the database

ashsaid

While I’m trying to integrate portlets using liferay, I’m struck with the user management part.

I have imported the users from LDAP to Liferay. There are around 2500 users in the system. I’m trying to assign roles to the users depending on their Job Title. All users with job title as ‘Manager’ needs to be assigned with role ‘Manager’.

It is very difficult to assign this role to each and every manager one by one. Is there a way to achieve this in bulk, like a batch update?

I am certainly on it in terms of looking at Liferay 4.0. It certainly seems to have some good enhancements – congrats on a great job!

At first glance though, I am a little disappointed with the access control enhancements – I still dont see how I could have pages on a single community with different user groups having different access rights on each page. I can certainly see the need for a “Human Resources” community that has some pages that are more privileged than others. I know about the new private/public pages within a community feature – that is useful but not the solution for my problem. I do not necessarily want to limit the more privileged pages in the “Human Resources” community to the community members. I could want to limit those pages to a certain managers group in my LDAP.

Basically, what I am looking for is the ability to set access control on a page within a community for a given LDAP group.

Probably not making much sense since I am in a hurry, but will post later more coherently or so I hope!